It's funny how many of the comments on your site are people trying to break your security with <script> tags and the like. Good work so far in resisting them ;-)

It would be a lot cooler if you added default CSS styling that made the comments look aesthetically pleasing. And documented the API for changing it.

Right now it looks like the basic functionality is there, but it would catch on a lot easier if it looked unobtrusively snazzy.

Yeah, I definitely need to add a nicer CSS default.

For now, you can just override the CSS in comments.css to skin the widget. The CSS is very simple now - just four different classes.

I also wrote a short blog about the project at: http://www.trailbehind.com/user/andrewljohnson/blog/

I'm very curious to hear criticism of the code, so let me know if you spot bugs or bad style.

This is so cool...

But did you think of security? To prevent automation for example?

Yeah, on TrailBehind.com proper, I have an auth system in place, and a bit of javascript to let users log in mid-action.

For this demo, there is no auth, so a bot could definitely spam it, but it will work ok on your site if you have some sort of auth set up.

Later, I also want to integrate captcha with this, and I'll release my login ajax as an add-on.

It would be so cool if you keep allowing users to comment without login... or even with their Facebook account - Connect.

You can work around this to prevent automation, by IP detection... like each IP can't submit more than 10 comments in an hour at the same domain name, and such similar techniques.

You can distrebute it, to let anyone use it at their websites.

yeah, maybe if you added in a comment rating system, or at least a spam button, it could sort itself out.

Don't let someone post the default text, "Your comment goes here."

Maybe let users login using their Facebook ID. Integrate with Gravatar. Really nice job.

You may consider using clickpass for logins, if you will require login. http://www.clickpass.com/